#!/usr/bin/perl
#  Copyright 2001-2009 Leslie Richardson

#  This file is part of Open Admin for Schools.

#  Open Admin for Schools is free software; you can redistribute it 
#  and/or modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2 of 
#  the License, or (at your option) any later version.

%lex = ('Edit' => 'Edit',
	'Staff Member' => 'Staff Member',
	'Main' => 'Main',
	'Eoy' => 'Eoy',
	'Unable to open template file:' => 'Unable to open template file:',
	'The staff member is now stored' => 'The staff member is now stored',
	'Start/End of Year Page' => 'Start/End of Year Page',
	'Edit Another' => 'Edit Another',
	'There was an error storing your data' => 'There was an error storing your data',
	'Please record the following error' => 'Please record the following error',
	'Contact' => 'Contact',
	'Update' => 'Update',
	'Error' => 'Error',
	'Password Error' => 'Password Error',
	'You MUST have a unique userid and a password and staff position.' => 
	  'You MUST have a unique userid and a password and staff position.',
	'Please go back and try again.' => 'Please go back and try again.',
	'Error' => 'Error',

	 );

my $self = 'staffed.pl';


use CGI;
use DBI;
use Data::Password qw(:all);  # for password checking...

eval require "../../etc/admin.conf";
if ( $@ ) {
    print $lex{Error}. ": $@<br>\n";
    die $lex{Error}. ": $@\n";
}

eval require "../../lib/libmeta.pl";
if ( $@ ) {
    print $lex{Error}. " $@<br>\n";
    die $lex{Error}. " $@\n";
}

my $q = new CGI;
print $q->header( -charset, $charset ); 
my %arr = $q->Vars;
my $recid = $arr{id};

my $table;
if ( $arr{tbl} ) {
    $table = 'prereg_staff';
} else {
    $table = 'staff';
}



my $dsn = "DBI:$dbtype:dbname=$dbase";
$dbh = DBI->connect($dsn,$user,$password);


# Print Page Header
print "$doctype\n<html><head><title>\n";
print $lex{Edit}. q{ }. $lex{'Staff Member'};
print "</title><link rel=\"stylesheet\" href=\"$css\" type=\"text/css\">\n";

print "$chartype\n</head><body>[ <a href=\"$homepage\">";
print $lex{Main}, "</a> | <a href=\"$eoypage\">";
print $lex{Eoy}, "</a> ]<center><h1>\n";

if ($arr{tbl}) {
    print $lex{Edit}. " <font color=red>Prereg</font> ". $lex{'Staff Member'};
} else {
    print $lex{Edit}. q{ }. $lex{'Staff Member'};
}

print "</h1>\n";

if ($arr{writeflag}) {
    delete $arr{writeflag};
    writeRecord();
}


# Read in Template as single text variable
unless (open (FH,"<../../template/staff.tpl")) {
    print $lex{'Unable to open template file:'},"$!\n";
    die $lex{'Unable to open template file:'},"$!\n";
}
my $text;
{ local $/; $text = <FH>; close FH;}

# Create meta hash - %fields fieldid => fieldname
my $sth = $dbh->prepare("select id, fieldid, fieldname from meta
  where tableid = 'staff'"); # order doesn't matter.
$sth->execute;
if ($DBI::errstr) { print $DBI::errstr; die $DBI::errstr; }
while (my ($id, $fieldid, $fieldname) = $sth->fetchrow) {
    $fields{$fieldid} = $fieldname;
}

# Now put add fieldname into $text in using %fields hash.
$text =~ s{\<\*(.*?)\*\>}
          { exists($fields{$1}) 
		? $fields{$1} 
	        : $1
          }gsex;


# now do form entry replacement elements <@name@> 
my $hash_ref = metaForm($table, $recid, 'edit');

# now put field values into $text variable...
$text =~ s{ \<\@(.*?)\@\> }
{ exists($hash_ref->{$1}) 
      ? $hash_ref->{$1} 
  : "$hashref->{$1}-$1"
  }gsex;


# print top of form, then $text, then bottom of page.
print "<form action=\"$self\" method=\"post\"> 
<input type=\"hidden\" name=\"writeflag\" value=\"1\">
<input type=\"hidden\" name=\"tbl\" value=\"$arr{tbl}\">
<input type=\"hidden\" name=\"id\" value=\"$recid\">\n";
print "<input type=\"submit\" value=\"". $lex{Update}. q{ }. $lex{'Staff Member'}. "\">\n";

print $text,"\n";

print "<input type=\"submit\" value=\"". $lex{Update}. q{ }. $lex{'Staff Member'}. "\">\n";

print "</center></form></center></body></html>\n";



#--------------
sub writeRecord {
#--------------

    # Make sure we have userid, password, and position filled....
    if ( not $arr{userid} or not $arr{position} or not $arr{passwd} ){
	print "<h1>". $lex{'You MUST have a unique userid and a password and staff position.'};
	print "\n";
	print $lex{'Please go back and try again.'}. "</h1></body></html>\n";
	exit;
    }


    # Check for password quality using Data::Password module.
    $MINLEN = $password_minlen;
    $MAXLEN = $password_maxlen;
    $DICTIONARY = 4;

    if ( IsBadPassword( $arr{passwd} ) ) {
	print "<h1 style=\"color:red;\">". $lex{'Password Error'}. "<br>\n";
	print IsBadPassword( $arr{passwd} );
	print "</h1></body></html>\n";
	die IsBadPassword( $arr{passwd} );
    }


    # marker for prereg mode or normal mode.
    my $table = 'staff';
    my $prereg;
    if ( $arr{tbl} ){ 
	$prereg = $arr{tbl};
	$table = 'prereg_staff';
    }
    delete $arr{tbl};
 
    # foreach my $key (keys %arr) { print "K:$key V:$arr{$key}<br>\n"; }

    my $id = $arr{id};
    delete $arr{id};

    foreach my $key ( keys %arr ) {
	$sth = $dbh->prepare("update $table set $key = ? where id = $id");
	$sth->execute( $arr{$key} );
	if ( $DBI::errstr ) { print $DBI::errstr; die $DBI::errstr; }
    }

    if ( not $DBI::errstr ) {
	print "<h3>". $lex{'The staff member is now stored'};
	print ".</h3></p>";
    } else {
	print "<h3>".$lex{'There was an error storing your data'}. q{ };
	print $lex{Contact};
	print " $adminname - <a href=\"mailto:$adminemail\">$adminemail</a>\n";
	print $lex{'Please record the following error'}. " $DBI::errstr";
	print "</h3>\n";
    }

    print "<p>[ <a href=\"$homepage\">".$lex{Main}."</a> | <a href=\"$eoypage\">";
    print $lex{'Start/End of Year Page'}."</a> |\n";

    if ($prereg) {
	print "<a href=\"staffdeled.pl?tbl=prereg\">";
	print $lex{'Edit Another'}. " <font color=red>Prereg</font> ". $lex{'Staff Member'};
    } else {
	print "<a href=\"staffdeled.pl\">". $lex{'Edit Another'}. q{ }. $lex{'Staff Member'};
    }

    print "</a> ]</p></center></body></html>\n";

    exit;

}


#-----------
sub metaForm {  # return HTML form elements for data entry via single hash.
#-----------
    my ($table,$recid,$mode) = @_;
    # passed table, recid (to look up values),
    #  $mode uses checkboxes in 'add' mode, but disables to text entry in 'edit' mode.

    # Find the records in the meta table
    if ( $table eq 'prereg_staff' ){ $metatable = 'staff'; } else { $metatable = 'staff'; }

    my $sth = $dbh->prepare("select id, arrayidx, size, fieldid, defaultvalue, 
     formtype, viewsize from meta where tableid = '$metatable' order by arrayidx");
    $sth->execute;
    if ($DBI::errstr){print $DBI::errstr; die $DBI::errstr;}

    my %fieldhash;
    my @values;
    
    while (my ($id, $index, $size, $fieldid, $default, $formtype, $viewsize) = $sth->fetchrow) {

	# get the 'name' of the id field... eventually they will all be 'id'.
	if ($index == 0) { # We can now can the name of the id field...
	    $recidname = $fieldid;  # so we can use passed recid to get the data...
	    if ($recid){ # we have a passed record value
		# Find the record 
		my $sth = $dbh->prepare("select * from $table 
                 where $recidname = '$recid'");
		$sth->execute;
		if ($DBI::errstr){print $DBI::errstr; die $DBI::errstr;}
		@values = $sth->fetchrow; # used below to populate
	    }
	} 
	# if passed a recid, we should have all record values, now.


	my $rv;
	if (lc($formtype) eq 'text'){ # text input box
	    $rv = "<input type=\"text\" name=\"$fieldid\" ";
	    if (not $size){ $size = 255;}
	    $rv .= "size=\"$viewsize\" maxlength=\"$size\" value=\"$values[$index]\">\n";

	} elsif (lc($formtype) eq 'select'){ # submit element
	    $rv = "<select name=\"$fieldid\">";
	    $default =~ s/\s*$//; # remove trailing space.
	    my @defaults = split /\s+/,$default;
	    #print "The defaults are:",@defaults,":<br>\n";
	    if ($mode eq 'edit'){ $rv .= "<option>$values[$index]</option>";}
	    foreach my $df (@defaults){
		# skip if edit mode and has a tilde for a ~Choose One~
		if ($df =~ m/\~.*/) {
		    if ($mode eq 'edit') { 
			next; 
		    } else { 
			$rv .= '<option></option>'; next; 
		    }
		}
		if ($df eq $fieldval){ next; }
		$df =~ s/_/ /g;  # replace underscores with spaces
		$rv .= "<option>$df</option>";
	    }
	    $rv .= "<option></option></select>"; # now include blank; 
	    # above needed in edit mode when removing a value (reset to blank)

	} elsif (lc($formtype) eq 'textarea'){ # textarea element
	    $viewsize =~ s/\s//g; # strip any space.
	    my ($rows, $cols);
	    my ($row,$col) = split /x/,$viewsize;
	    if ($row){ $rows = "rows=\"$row\""; }
	    if ($col){ $cols = "cols=\"$col\""; }
	    $rv = "<textarea name=\"$fieldid\" $rows $cols>$values[$index]</textarea>";

	} elsif (lc($formtype) eq 'checkbox'){ # checkbox element
	    if ($mode eq 'edit'){ 
		$rv = "<input type=\"text\" name=\"$fieldid\" size=\"2\" ";
		$rv .= "value=\"$values[$index]\">\n";
	    } else {
		$rv = "<input type=\"checkbox\" name=\"$fieldid\" ";
		$rv .= "value=\"Y\">\n";
	    }

	} else { # unknown form element
	    print "Error: Unknown form element type: $formtype for ";
	    print "table: $table field: $field. ";
	    print "We can handle text, textarea, checkbox, and select only!<br>\n";
	    die;
	}

	$fieldhash{$fieldid} = $rv;

    } # Loop reading each field.

    return \%fieldhash;

} # End of metaForm